121
|
7.5 |
HIGH
Network
dueclic
|
wp_2fa_with_telegram
|
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, whi…
Update
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2024-9820
|
2024-10-19 09:44 |
2024-10-15 |
122
|
8.8 |
HIGH
Network
|
newtype
|
webeip
|
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, and delete data stored in the database. The affe…
Update
|
CWE-89
SQL Injection
|
CVE-2024-9968
|
2024-10-19 09:42 |
2024-10-15 |
123
|
7.2 |
HIGH
Network
|
fortinet
|
fortianalyzer fortianalyzer_cloud
|
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3 and 7.2.2 through 7.2.5 allows an attacker to escalate their privileges via specially crafted requests.
Update
|
NVD-CWE-noinfo
|
CVE-2024-45330
|
2024-10-19 09:41 |
2024-10-9 |
124
|
3.7 |
LOW
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-F…
Update
|
NVD-CWE-noinfo
|
CVE-2023-42010
|
2024-10-19 09:38 |
2024-07-18 |
125
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Update
|
NVD-CWE-noinfo
|
CVE-2020-36765
|
2024-10-19 09:37 |
2024-07-17 |
126
|
5.5 |
MEDIUM
Local
|
ibm
|
sterling_partner_engagement_manager
|
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.
Update
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2022-35640
|
2024-10-19 09:34 |
2024-07-17 |
127
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_clearquest
|
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-28796
|
2024-10-19 09:33 |
2024-07-18 |
128
|
8.2 |
HIGH
Network
ibm
|
engineering_requirements_management_doors engineering_requirements_management_doors_web_access
|
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerab…
Update
|
CWE-611
XXE
|
CVE-2023-50304
|
2024-10-19 09:32 |
2024-07-19 |
129
|
9.8 |
CRITICAL
Network
ibm
|
infosphere_information_server infosphere_information_server_on_cloud
|
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete in…
Update
|
CWE-89
SQL Injection
|
CVE-2024-40689
|
2024-10-19 09:30 |
2024-07-26 |
130
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
New
|
-
|
CVE-2024-43577
|
2024-10-19 08:15 |
2024-10-19 |